Update of this document: November 2023
Mylvas BV, Belgium explicitly confirms that all personal data will be processed in accordance with the applicable local regulations and the Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter GDPR) in as far as already possible and desirable. We would like to inform you how we will use your personal data, and to give you choices about this. This Privacy Policy is meant to help you understand what data we collect, why we collect it, and how we use it. Please read this document carefully
1. GOAL OF THIS PRIVACY NOTICE
This Privacy Policy (Privacy Policy)applies to all personal data collected of Users of the Mylvas platform. This includes all healthcare professionals and individual users that register for a Mylvas account .
This Privacy Policy does not apply to the patient data that Mylvas processes on demand for registered hospitals, imaging centers, dental practices, 3D imaging labs. For all matters, involving thesedata, we refer to the privacy policy of the related institution or companies.
This Privacy Policy also applies to all personal data collected of Users of the Mylvas website that fill out a contactor demo request form.
This Privacy Policy applies in addition to any terms and conditions and other policies of Mylvas applicable to the Services.
2. USE OF YOUR PERSONAL INFORMATION (OUR CAUSE)
We will treat all personal information you provide us with, in confidence, in accordance with this Privacy Policy and the applicable international requirements.
2.1 App.mylvas.com: secured webspace – the mylvas platform
When using the Mylvas platform the required personal information is registered in our databases and will be processed in order to:
· Assure traceability on registered access to medical data;
· Implement appropriate secure authentication and authorization methods. This implies sending e-mails and/or text messages for two-factor authentication protocols;
· Automated sending of notification mail/or text message in case new study becomes available to the registered healthcare users in Mylvas.
· Manual sending of links to validated reports or requests to registered hospitals, imaging centers, dental practices,3D imaging labs via encrypted mail.
· Improve the quality of our services and information;
· Provide a list of registered healthcare professionals to hospitals, imaging centers, dental practices, 3Dimaging labs that use Mylvas for collaboration purposes. This list only includes Name, First Name and National Identification Number as a doctor or other Healthcare professional.
The provided personal data related to a registered healthcare professional account will be stored for a period of 2 years after the last registered successful login attempt.
The data on the exams that have been accessed will be stored for 10 years, unless we have to keep the information longer for legal purposes.
2.2 Mylvas.com: public webspace
You can visit our company website without disclosing personal information. In case personal information is provided when e.g. filling out a contact form, this information is stored to:
· Contact you to provide the requested information;
· Improve the quality of our services and information;
The provided personal data is stored for the duration of the requested service + 2 years.
3. COLLECTED INFORMATION
The information provided to us can, amongst others, consist of personal data. By 'personal data' we mean any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The personal data we collect depends on the method of collection:
Using the public webspace:
Anonymous but in these specific cases the mentioned information is registered:
- Name + first name
- Email address
- Company + function within the company (if applicable)
- Address + country
- Phone number
- Submitting a contact form
- Name
- Email address
- Phone number
- Images / Photos
- Radiology , Pathology, Dentalstudies
Using the secured webspace:
Registration for an account as healthcare professional:
- Physician national identification nr.
- Family name, First name
- Address
- IP address
- Telemedicine activity
- Standard e-mail
- Password
- Confirmation of password
- Encrypted e-mail (if already existing)
- Mobile phone number
- Modalities/examinations for which you are available
- Default availability days and time slots
- Maximum time to send a report(in hours)
- Price for each type of request
- Second opinion offered
- Images / Photos
- Radiology , Pathology, Dentalstudies
Registration for an account as hospital, imaging center, dental practice, 3D imaging lab
- National registration number of the healthcare institution
- Name of the healthcare institution
- Address
- Person responsible for the account
- Standard e-Mail
- Password
- Password confirmation
- Telephone nr of the administrative manager
- Encrypted e-mail
- Service telephone of the requesting department
- Additional mails for non-sensitive e-mails
- IP address
- Images / Photos
- Radiology , Pathology, Dentalstudies
Log on to the secured website with an account: general
- User ID
- Timestamp of logon
- Accessed exams
- IP address
Log on to the secured website with an account to make a request
- Modality
- Exam performed
- Date
- Hour
- Accession number
- Comments from technologist: if applicable
- Patient name
- Patient ID
- Patient age
- Requesting physician
- Clinical information
- Reason for study
- Images / Photos
- Radiology , Pathology, Dentalstudies
Log on to the secured website with an account to create a patient
- Unique patient ID
- Name
- Date of Birth
- Sex
- Address
- Patient e-mail
- Patient Mobile phone nr
Log in to the secure pages without an account to make a "second opinion" request
- Performed examination
- The application for the secondopinion
- Initial report
- Reason for a second opinion
- As a doctor
- Name, first name
- Specialization
- Mobile phone
- As a patient
- Name, first name
- Address
- Mobile phone
- Images / Photos
- Radiology , Pathology, Dentalstudies
Uploading personal health information
Mylvas facilitates the uploading of personal health information from either other websites, media carriers or even from a mobile device. In all circumstances, an explicit consent is required from the user regarding:
- The access to the information location
- The specific document/image/data/file to be uploaded, such as but not limited to:
o Medical Images
o Medical Results
Mylvas saves this information into a secure site, compliant with the European Electronic Health Data Space (EHDS) regulation.
Once saved in our safe location, the files will never be forwarded or downloaded. In case an user requests explicitly to share information, only a link to that information will be shared, not the original data.
Sharing personal medical information
Mylvas facilitates the sharing of personal health information with third parties. When doing so from a mobile device Application, we offer to access the device contact list to get the name and email of the contact list to select one of them. An explicit consent message will be displayed and user consent will be required.
We will access :
- The contact name and surname
- The contact e-mail.
COOKIES
In addition, with each Mylvas session a cookie is used to register the session ID which is used if the user is logged on. No personal information is stored within the cookie.
ACCESS TO IMAGE FOLDER & CONTACT LIST
In order to help and to assist the user in uploading images or filling out data regarding contacts with whom the user wants to share data, the mylvas app might get access to the Image folder and Contact list. Mylvas uploads only the by the user selected items or fields.
4. CONSENT
All processing of the personal information gathered at present lies within the legitimate interests of the data controller.
If Mylvas decides to use the gathered personal data, obtained through the Mylvas website for additional purposes and for which legitimate interest is not a valid ground, consent for the related processing will be asked through the Mylvas interface before actual processing of the related data. To give consent it will be required to tick a box stating "that you consent to the processing of your personal data for the mentioned purposes". You will have the right to withdraw your consent at any time. However, the withdrawal of consent shall not affect the lawfulness of the processing based on consent before its withdrawal. You can withdraw your consent by checking off the ticked box.
5. YOUR RIGHTS
5.1. RIGHT OF ACCESS, RECTIFICATION AND ERASURE
We offer you the opportunity to view, change or delete all personal data you provide to us. This is free of charge for you.
View and change your personal data: If you wish, you can request an overview of your personal data and amend this where necessary.
Deletion of your personal data: you can decide at any time to delete your personal data for future use from our database if these data are not required to be retained for statutory or legitimate business purposes.
IMPORTANT: This only involves personal data with respect to a personal account on Mylvas or personal data provided through the company website. Mylvas processes patient data as commissioned by the registered hospitals, imaging centers, dental practices, 3D imaging labs. Therefore, all requests regarding patient data must be filed with the related institute or company.
You can also decide at any time that you no longer wish to be contacted by us.
5.2. RIGHT TO RESTRICTION OF PROCESSING
In certain cases, you also have the right to request that Mylvas restricts the processing of your personal data.
5.3. RIGHT TO DATAPORTABILITY
You have the right to demand that Mylvas hands over any personal health data we process on the basis of your consent or in order to fulfil a second opinion request.
5.4. HOW TO EXERCISE YOUR RIGHTS?
In case you want to exercise one of the above-mentioned rights with respect to data for which Mylvas acts as the processor and for which a hospital, imaging center, dental practice, 3D imaging lab is the controller, the request must be filed with the related imaging department.
For data gathered directly by Mylvas, the above requests can be made by contacting us by mail (info@Mylvas.com) or by letter addressed to our head office at Mylvas HQ address and providing us with a copy of the front side and back side of your ID card.
After verifying your identity and request, we will do everything reasonably possible to comply with your request unless the viewing, changing, deletion or restriction of data would require completely unreasonable measures (e.g. would be technically or organizationally virtually impossible or extremely costly). We may refuse to process requests that are unreasonably repetitive or systematic.
Your request will be handled within one month after receipt thereof.
6. HOW TO NOTIFY INFRINGEMENTS TO YOUR RIGHTS ANDFREEDOMS?
If you believe, at any moment, that Mylvas infringes your rights and freedoms, please send an e-mail to our data protection officer, using the following address: info@Mylvas.com.
We will do everything reasonably possible to identify and solve the problem.
In this event, you can also contact the relevant Supervisory Authority of your country.
7. THIRD PARTIES
Personal data collected by Mylvas may be transferred or disclosed to third party contractors, subcontractors and/or subsidiaries for the purposes for which the visitor has submitted the information and for the administration of our system or site and/or other internal, administrative purposes. Personal data may also be transferred to third party service providers of identity management, website hosting and management, data analysis, data backup, security and storage services. As a result, personal data may be transferred outside the country (only EU ) where the visitor is located. By submitting data on Mylvas website, the visitor is providing explicit consent to the transfer of such data for the fulfilment of his or her voluntary requests or otherwise as set out in the 'How we use your personal data' section.
It is Mylvas' policy to disclose information to third parties under the following circumstances only:
· As required by applicable law, statute, rule, regulation or professional standard, or through subpoena, search warrant or other legal process
· For regulatory compliance purposes
. At the explicit request of the user
· When required to facilitate conferences or events hosted by a third party
· Or otherwise as set out in this statement.
8. SECURITY
Mylvas will, to the extent possible, take technical, physical and organizational security measures which comply with applicable laws in the field of privacy and data security in order to guarantee a secure processing of your personal data. The risks of accidental or unauthorized destruction, accidental loss, alteration of or access by unauthorized persons, and any other unauthorized processing of your personal data are therefore reduced to a minimum.
9. CHANGES TO THE PRIVACY POLICY
We may change this Privacy Policy from timeto time by posting the updated version of the Privacy Policy on the Mylvascompany website. When we publish changes to our Policy, we will change the dateof the "last update" of our Privacy Policy. We therefore encourage you to check our Privacy Policy periodically.
10. CONTACTING US
In case you have a concern or question about our use of your data or you have any questions with regard to this Privacy Policy or you want to request a copy of your personal data, want to change or delete your personal data or want to request the restriction of the processing of your personal data:
· you can contact us by mail using the e-mail address info@Mylvas.com
If you prefer, you can write us at Mylvas company address and or the DPO at the same address.
For identification purposes, you are requested to include a copy of the front and back side side of your identity card.